Apple Security Updates – May 2017

Apple fixed 141 vulnerabilities across multiple products including macOS Sierra, iOS, watchOS, tvOS, iCloud, Safari, and iTunes. Most of the vulnerabilities exist in some instances with root privileges (41 in iOS 41, 37 in macOS Sierra, 23 in tvOS and 12 in watchOS) and could lead to arbitrary code execution.

Apple also fixed 26 vulnerabilities in Safari browser, which could lead to arbitrary code execution. The rest of the vulnerabilities could lead to universal cross-site scripting, the exfiltration of data cross-origin, application termination, and spoofing. Out of 26, 23 vulnerabilities exist in WebKit web browser engine.

Apple also fixed arbitrary code execution vulnerabilities in iCloud and iTunes for Windows.

Impact: The above vulnerabilities may lead to the execution of arbitrary code, opening arbitrary websites without user permission, escape its sandbox, gain kernel/system privileges and read restricted memory.